GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Fri Jul 31, 2020 6:26 pm Post subject: [ GLSA 202007-62 ] PyCrypto |
 |
|
Gentoo Linux Security Advisory
Title: PyCrypto: Weak key generation (GLSA 202007-62)
Severity: normal
Exploitable: remote
Date: 2020-07-31
Bug(s): #703682
ID: 202007-62
Synopsis
A flaw in PyCrypto allow remote attackers to obtain sensitive
information.
Background
PyCrypto is the Python Cryptography Toolkit.
Affected Packages
Package: dev-python/pycrypto
Vulnerable: <= 2.6.1-r2
Architectures: All supported architectures
Description
It was discovered that PyCrypto incorrectly generated ElGamal key
parameters.
Impact
Attackers may be able to obtain sensitive information by reading
ciphertext data.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for PyCrypto. We recommend that users
unmerge PyCrypto:
# emerge --unmerge “dev-python/pycrypto”NOTE: The Gentoo developer(s) maintaining PyCrypto have discontinued
support at this time. PyCryptodome is the canonical successor to
PyCrypto.
References
CVE-2018-6594 |
|
News & Announcements
